Researchers have discovered two Secure Boot exploits that can bypass protections provided by the mechanism designed to load secure operating system images during the boot-up process.
Microsoft has decided to patch only one of the exploits, specifically CVE-2025-3052, which affects over 50 device manufacturers. The vulnerability allows attackers to disable Secure Boot and install malware before the operating system loads.
The unpatched Secure Boot bypass vulnerability poses a significant risk, especially to devices running on Linux. It can be exploited remotely to enhance the stealth and potency of attacks, particularly in scenarios where the attacker has administrative control.
The root cause of the vulnerability lies in a critical flaw within a firmware flashing tool utilized by DT Research, a supplier of rugged mobile devices. This flaw has been present on VirusTotal since last year and was digitally signed in 2022, indicating it has been available through various channels for some time.